Pear Therapeutics

reSET® Patient Privacy Policy

PEAR THERAPEUTICS, INC

RESET PATIENT FACING MOBILE APPLICATION PRIVACY POLICY AND NOTICE

This service is provided by Pear Therapeutics, Inc

THIS PRIVACY POLICY AND NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Through its mobile application for Patients (“Patient”, “you” or “user”), Pear Therapeutics, Inc (“Pear Therapeutics”, “we” or “us”) provides digital prescription therapies designed to improve Patient outcomes.  These prescription therapies include data collection, storage, analysis and reporting tools, functions and related services, which are collectively referred to in this Privacy Policy as the Service.   We also operate a website for Clinicians and Clinical Partners at www.pear.md (the “Website” or “Site”) through which Clinicians and Clinical Partners view Patient information and monitor Patient use of the App and the Service.

This Privacy Policy covers how Pear Therapeutics collects, receives, uses, retains, and discloses Personally Identifiable Information (“PII”) and Protected Health Information (“PHI”) on its patient-facing mobile application (the “App”) or Site.  PII includes information about you that is personally identifying such as your name, email address, and phone number and which is not otherwise publicly available.  PHI includes information relating to your health, for example medical history, test and laboratory results, insurance information and other data that a health care professional collects to identify an individual and determine appropriate care.  PII and PHI may include other types of information depending on the legal definition that applies in your physical location.  Only the legal definitions of PII and PHI that apply in your location will apply to you under this Privacy Policy.   PII and PHI are referred to collectively in this Privacy Policy as “Personal Data.”

Clinical Partners are hospitals, clinics, practices or other medical groups or health care systems that have contracted with Pear Therapeutics to permit use of the Service by their respective Clinicians and  Patients; Clinicians are practitioners, patient advocates, coaches or other individuals who (as employees of or contractors to a Clinical Partner) provide health care or related services to Patients; Pharmacy Partners are pharmacies that have contracted with Pear Therapeutics to facilitate the use of the Service by their respective Clinicians and Patients; and Patients are individual patients of the Clinical Partner who receive medical treatments or other health care services from one or more Clinicians, or individuals who are properly authorized representatives of any such patient.

Clinicians, Clinical and Pharmacy Partners provide your Personal Data to Pear Therapeutics in order to register you as a user of the Service.   As you use the App and the Service, the information you provide through the App and Service will be viewed by your Clinician and Clinical Partner on the Site to enable your health care team to provide therapy and treatment.

The App is available only to Patients who have been given the necessary password or similar credential to access the Service.  In order to receive access to and use the Service, Patients must have given their consent to a Clinical or Pharmacy Partner or Clinician to the use and disclosure of their information as described in this Privacy Policy.  Users must also provide their consent to Pear Therapeutics, as described below.

Agreement

By using the App or the Service, and/or by providing Personal Data to Pear Therapeutics, you accept and hereby expressly consent to our collection, use, retention, and disclosure of your Personal Data in accordance with the terms of this Privacy Policy. If you choose not to provide the requested information you will not be able to access the Service.

Pear Therapeutics’ Obligations

Pear Therapeutics is required to maintain the privacy of protected health information, to provide Patients with notice of its legal duties and privacy practices with respect to protected health information, and to notify affected individuals following a breach of unsecured protected health information.

Pear Therapeutics is required to abide by the terms of this Privacy Policy and Notice currently in effect.   However, this Privacy Policy may change from time to time, so please check back periodically to check the most recent modification date to ensure that you are aware of any changes in our processing of your Personal Data.  Your continued use of the App or the Service after any changes signifies your express, explicit, voluntary and unambiguous consent to any such changes.   If you do not agree to such changes, you must immediately stop using the Site.  This Privacy Policy was last modified on December 5, 2018.

Information Collection and Use; Choice and Consent

Uses and Disclosures

Patients must be registered on the App and have an active account in order to use the Service. We receive Personal Data about Patients from a Clinician, Clinical or Pharmacy Partner in order to establish an account and for you to be able to register for and use the Service and identify you as an authorized Patient.  Pear Therapeutics may collect Personal Data when Patients are registered through the Site and confirmed within the App.

When registering on the App, we collect your email address and password. We combine this information with the Personal Data about you that we receive from the applicable Clinician, Clinical or Pharmacy Partner to create your user profile and provide you with the Service.   When you use the App, we may also collect information from you relating to your treatment for and use of controlled substances.  It is always your choice whether or not to provide us with such information, which we will share with the Clinician, Clinical or Pharmacy Partner.  In sum, Pear Therapeutics uses Personal Data and information you provide to us through the App and the Service to:

  1. Provide the Service and treatment, for example Pear Therapeutics may use or disclosure protected health information for the purpose of allowing it, Clinician, Clinical and Pharmacy partners to provide treatment, contact you about reminders and treatment effectiveness and alternatives;
  2. Communicate with you, for example to reset password or reminders;
  3. Communicate with your Clinicians, Pharmacy and Clinical Partners as applicable to review the functionality and effectiveness of treatment including this and other prescriptions provided by Clinician;
  4. For payment – we may use/disclosure your information for the purpose of allowing us as well as our partners to secure payment for services provided to you;
  5. For health care operations – we may compile information and Analytics about you, your use of the App and other treatments and share those with our Partners;
  6. Create user profiles;
  7. Create de-identified analytical information about the effectiveness of the Services and overall improvement thereof;
  8. Reply to your request for information or comments

Analytics

When you use the App or the Service, we collect de-identified information relating to your browser or device type, the time and date you use the Service, operating system, identification of Site or App page views, use of particular Service features, geographic location and other statistical information relating to your use of the App or the Service but which does not identify you.  This information is referred to in this Privacy Policy as “Analytics.”  We use Analytics to develop, improve, extend and test the Service (and underlying technology platforms); to market and promote Pear Therapeutics and the Service; and we disclose, distribute and transmit Analytics to Clinical and Pharmacy Partners for their use.

Authorization for Disclosures to Third Parties

Pear Therapeutics obtains your authorization regarding gift rewards vendors.  Pear Therapeutics or reSET does not disclose your information (name, protected health information) to gift card vendors.  However, by providing the Patient with a gift card from a gift card vendor, the gift card vendor can potentially trace the Patient to Pear Therapeutics or reSET.  Additionally, the Patient may be required to provide the gift card vendor with the Patient’s name and contact information such as email.  This will permit the gift card vendor to trace the Patient to Pear Therapeutics or reSET and may identify Patient as having applied to or receiving alcohol, drug abuse or mental health treatment.

A separate authorization would also be required for

  • Use and disclosure of protected health information for marketing purposes
  • Use and disclosure of psychotherapy notes
  • Uses and disclosures not described in this Notice and Privacy Policy

Withdrawing Consent

You may withdraw your consent to further use of your Personal Data by discussing this request with your Clinician or emailing a request to us at optout@peartherapeutics.com.  We will respond to your request in accordance with the law that applies to you. Your Personal Data which we processed prior to your request may not be deleted from our Site or Service system records but will be blocked from further processing without your permission.  A request to withdraw consent may not apply to information collected by tracking technologies or used internally to recognize you and/or facilitate your visits to the Site, or information we may keep to comply with legal requirements. Any such requests that relate to Protected Health Information or similarly protected health information will be addressed consistent with the requirements of the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rules or other applicable laws.

A Clinician may access, change, or modify your information, according to the privacy policy of that Clinical Partner. If you wish to access, amend, or modify your information in any way, please discuss this change with your Clinician.

Protecting Your Information

Certain health and medical information about you is protected under the Health Insurance Portability and Accountability Act (“HIPAA”) and applicable state law. This information may be provided by you online or offline, or may be collected by us from other methods such as through a health care provider. We protect covered health and medical information as required by HIPAA and applicable state law. Similarly, we may use covered health and medical information as permitted by HIPAA and applicable state law.

Pear Therapeutics uses secure server software (SSL), firewalls, and end-to-end encryption to protect your Personal Data from unauthorized access, disclosure, alteration, or destruction. All Personal Data is transmitted, stored, and processed in a secure environment in accordance with the Privacy and Security Rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and related guidance. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its security.

We will retain Personal Data for as long as necessary to provide our services, but in no case later than 6 years following termination of Services or withdrawal of your consent. We will retain and use Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Information Sharing and Disclosure

Your Personal Data will be shared with your health care team, including Clinicians, Clinical and Pharmacy Partners, which they will access and view through the Site. We disclose your Personal Data and non-Personal data to third party vendors who help us operate the Site. These third parties are contractually obligated to maintain the confidentiality of your Personal Data consistent with the terms of this Privacy Policy and to comply with the applicable data protection laws.

We will disclose your information in response to valid legal process, for example, in response to a court order, a subpoena or other legal request for information, and/or to comply with applicable legal and regulatory reporting requirements. We also may disclose your information in response to a law enforcement agency’s request or other request for information from the U.S. or other government entities, or where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, or to verify or enforce compliance with the policies governing our products and/or services and with applicable laws, or as otherwise required or permitted by law or consistent with legal requirements. In addition, we may, upon notice to you and/or your Clinical Partner, transfer your information to an entity or individual that acquires, buys, or merges with Pear Therapeutics, or our other business units.

We share Analytics with Clinicians, Clinical and Pharmacy Partners for their internal use and with other third parties to market and promote Pear Therapeutics and the Service.

Links to Other Sites; Third Party Apps; Transactions with Third Parties

The Site may contain links to other sites that are not owned or controlled by Pear Therapeutics. Please be aware that we are not responsible for the privacy practices of these other sites. We encourage you to review the privacy policies and statements of other sites to understand their information practices. Our Privacy Policy applies only to information collected by our Site and Services.

You may be able to obtain an App, access the Service and/or communicate with the Service from, and you may be able to link or communicate from the Service to, applications, devices, distribution platforms and websites owned and operated by Clinical or Pharmacy Partners and/or by Apple, Google or other third party distribution platform operators (“Channel Partners”). These other applications, devices, platforms and websites belong to third parties and are not operated or controlled by Pear Therapeutics.   Our Privacy Policy does not apply to any information collected, received, used, processed, transferred or disclosed by such third parties. Additional or different terms and conditions (including without limitation, privacy and security practices) apply when you access and use third party applications, devices, platforms and websites, which are not the responsibility of Pear Therapeutics.

Pear Therapeutics is not responsible for and will not be a party to any transactions between you and a third party provider of products, information or services. Pear Therapeutics does not monitor such transactions or ensure the confidentiality of your Personal Data, including credit card information, for any third party transaction. Any separate charges or obligations you incur in your dealings with these third parties linked to Pear Therapeutics’ Site are solely your responsibility.

Children

Our Service is intended for individuals who are over age 18. If you believe a child who is under age 13 has used the Service and entered personal health information, please contact us using one of the options provided below.

Patient Rights Regarding Protected Health Information

Under HIPAA, you have certain rights with respect to protected health information, including:

  • request restrictions on certain uses and disclosures of protected health information; however, Pear Therapeutics is not required to agree with the requested restriction and due to technical and administrative limitations, Pear Therapeutics reserves the right to terminate Services;
  • receive confidential communications of protected health information;
  • inspect and copy protected health information;
  • amend protected health information;
  • receive an accounting of disclosures of protected health information;
  • obtain a paper copy of the notice upon request.

Your California Privacy Rights; California Do Not Track Disclosures

If you are a California resident, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your Personal Information by Pear Therapeutics or its subsidiaries to a third party for the third party’s direct marketing purposes. Since we do not make such disclosures, we are exempt from these reporting requirements.

Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and services (including behavioral advertising services) that you do not wish such operators to track certain of your online activities, over time and across different websites. We do not honor “Do Not Track” signals.

Accessing Your Information

Your Clinician may access, review, change, or update your Personal Data through the Site, and you should speak to your Clinician to make changes on your behalf.  You may reset your password through the App by following the password reset instructions.

Contact Us About Complaints, Questions or Notices relating to this Privacy Policy

Pear Therapeutics commits to resolving complaints about your privacy and our collection or use of your Personal Data.  If you believe your privacy rights have been violated or you disagree with any action Pear Therapeutics has taken with regard to your Personal Data, you may file a complaint with Pear Therapeutics by emailing us at security@peartherapeutics.com.   If you feel Pear Therapeutics has violated your health information privacy rights, you may also file a complaint under HIPAA with the U.S. Department of Health and Human Services, Office of Civil rights (OCR). Pear Therapeutics will not take any action against you for making a complaint to OCR.

If you would like more information about your privacy rights, the privacy policy or, if you have questions or suggestions, please email us at security@peartherapeutics.com.  You may also contact us at:

Pear Therapeutics, Inc
Attn: Security Official
201 Mission, Suite 1450
San Francisco, CA 94105

Terms of Service

Please also visit the Terms of Service, accessible from the app menu, establishing the use, disclaimers, and limitations of liability governing the use of our website at www.pear.md/legal/terms.

SGA006.D – December 5, 2018